A new Android banking trojan called FakeCall is capable of hijacking phone calls made to banks. Instead of reaching the bank, the call is redirected to cybercriminals. The trojan installs itself as the default call handler on the infected device, which allows it to intercept and manipulate both outgoing and incoming calls.
The malware is distributed through phishing emails and fake banking apps that impersonate large financial institutions. When users click on a link in the email, they download an APK file that acts as a dropper for the malicious app. Once the user gives the app permission to set itself as the default call handler, the malware gains significant control over the device.
FakeCall can steal sensitive information from infected devices, enabling cybercriminals to deploy targeted attacks. They can send offers that might be of interest to the target via in-app notifications or voice phishing (vishing). Regardless of whether the target uses the displayed phone number or tries to call the bank directly, the call will be redirected to the criminals.
The malware is hard to detect as it uses several methods to evade detection and mimics legitimate banking apps. Malwarebytes for Android can help identify and remove these apps.
Source: https://www.malwarebytes.com/blog/news/2024/10/android-malware-fakecall-intercepts-your-calls-to-the-bank
Commentary
The source details that the malware FakeCall is distributed through fake or socially engineered banking applications.
Fake banking apps are malicious applications designed to look like legitimate banking apps. These apps are often distributed through phishing emails, fake websites, or unofficial app stores. Once installed, they can steal sensitive information such as login credentials, personal data, and even intercept calls to banks.
Online scams targeting bank customers have risen by 28 percent, driven by phishing emails and fake banking apps.
In 2020, the FBI reported nearly 65,000 fake bank apps were listed in major app stores. This highlights the widespread impact and the need for robust security measures to protect consumers.
Signs of a fake banking application include:
- A lack of detailed information about the app's functionality and features
- Few reviews or consistently poor ratings
- A developer with a generic or unknown name
- Low-quality icons and images
- Requests for permissions that are not necessary for the app's functionality, such as access to your contacts or messages
- Distribution, often, through unofficial app stores or phishing emails
- Branding inconsistencies such as incorrect logos or color schemes
- Frequent crashes or improperly working functions
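The unnecessary-permissions sign can be checked before an app is installed. The following is an added example, not code from the source article: it reads an AndroidManifest.xml that has already been decoded to text (for instance with apktool) and reports whether the app declares the components Android requires of a default phone app, the role FakeCall asks the user to grant. The manifest, package name and component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SENSITIVE = {"android.permission.READ_CONTACTS", "android.permission.READ_SMS"}

# Constructed sample: decoded manifest of a hypothetical app posing as a bank.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank.app">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Example Bank">
    <activity android:name=".DialActivity">
      <intent-filter>
        <action android:name="android.intent.action.DIAL"/>
      </intent-filter>
    </activity>
    <service android:name=".CallService"
        android:permission="android.permission.BIND_INCALL_SERVICE">
      <intent-filter>
        <action android:name="android.telecom.InCallService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def _actions(component):
    return {a.get(A + "name") for a in component.iter("action")}

def audit_manifest(xml_text):
    """Return (kind, name) findings for call-handling and data-access declarations."""
    root = ET.fromstring(xml_text)
    findings = []
    for svc in root.iter("service"):
        # The system binds a default phone app through its InCallService.
        if (svc.get(A + "permission") == "android.permission.BIND_INCALL_SERVICE"
                and "android.telecom.InCallService" in _actions(svc)):
            findings.append(("in_call_service", svc.get(A + "name")))
    for act in root.iter("activity"):
        # A default phone app must also handle the DIAL intent.
        if "android.intent.action.DIAL" in _actions(act):
            findings.append(("dial_handler", act.get(A + "name")))
    for perm in root.iter("uses-permission"):
        if perm.get(A + "name") in SENSITIVE:
            findings.append(("sensitive_permission", perm.get(A + "name")))
    return findings

def can_request_default_dialer(findings):
    return {"in_call_service", "dial_handler"} <= {kind for kind, _ in findings}
```

A banking app has no functional need for either call-handling component, so a positive result from `can_request_default_dialer` on an app presenting itself as a bank is a strong reason not to install it.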
The final takeaway: always download banking apps from official app stores and verify the developer's information before installation.